Python
When using an Ansible playbook, how do you store and use a password that contains quotes or other metacharacters without them being interpreted?
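My company uses Ansible (which I am new to), and we have a playbook and associated role for joining new Linux machines to AD. The password for our admin account rolls 3 times a day, and we cannot set it ourselves. The Ansible playbook works as long as there is no `'` (single quote) in the password. There may be other characters that break it, but I know `'` definitely does. Here are the relevant bits of the playbook: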
```
cat setup-ad.yml
---
- hosts: "{{ hosts }}"
  vars_prompt:
    - name: "username"
      prompt: "Enter admin account"
      private: no
    - name: "password"
      prompt: "Enter Password"
      unsafe: yes
      private: yes
  vars:
    domain: "{{ 'mycompany.com' }}"
    passwd: "{{ password | regex_escape() }}"
  roles:
    - join-ad
```
```
grep -B2 -A3 'passwd' ./roles/join-ad/tasks/main.yml
- name: join to active directory
  command: net ads join MYCOMPANY.COM -U {{ username }}@MYCOMPANY.COM%'{{ passwd }}' createcomputer=Restricted/Servers/Unix --request-timeout=120 --no-dns-updates
  no_log: false
  when: ansible_distribution_major_version >= 6

- name: join to active directory
  command: net ads join MYCOMPANY.COM -U {{ username }}@MYCOMPANY.COM%'{{ passwd }}' createcomputer=Restricted/Servers/Unix --request-timeout=120
  no_log: false
  when: ansible_distribution_major_version <= 5
```
The error we get is:
```
TASK [join-ad : join to active directory] ************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ValueError: No closing quotation
fatal: [newserver.mycompany.com]: FAILED! => {"changed": false, "module_stderr": "Shared connection to newserver.mycompany.com closed.\r\n", "module_stdout": "Traceback (most recent call last):\r\n File \"/root/.ansible/tmp/ansible-tmp-1590785720.2-224244797633747/AnsiballZ_command.py\", line 102, in <module>\r\n _ansiballz_main()\r\n File \"/root/.ansible/tmp/ansible-tmp-1590785720.2-224244797633747/AnsiballZ_command.py\", line 94, in _ansiballz_main\r\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\r\n File \"/root/.ansible/tmp/ansible-tmp-1590785720.2-224244797633747/AnsiballZ_command.py\", line 40, in invoke_module\r\n runpy.run_module(mod_name='ansible.modules.commands.command', init_globals=None, run_name='__main__', alter_sys=True)\r\n File \"/usr/lib64/python2.7/runpy.py\", line 176, in run_module\r\n fname, loader, pkg_name)\r\n File \"/usr/lib64/python2.7/runpy.py\", line 82, in _run_module_code\r\n mod_name, mod_fname, mod_loader, pkg_name)\r\n File \"/usr/lib64/python2.7/runpy.py\", line 72, in _run_code\r\n exec code in run_globals\r\n File \"/tmp/ansible_command_payload_4D4oFT/ansible_command_payload.zip/ansible/modules/commands/command.py\", line 344, in <module>\r\n File \"/tmp/ansible_command_payload_4D4oFT/ansible_command_payload.zip/ansible/modules/commands/command.py\", line 263, in main\r\n File \"/usr/lib64/python2.7/shlex.py\", line 279, in split\r\n return list(lex)\r\n File \"/usr/lib64/python2.7/shlex.py\", line 269, in next\r\n token = self.get_token()\r\n File \"/usr/lib64/python2.7/shlex.py\", line 96, in get_token\r\n raw = self.read_token()\r\n File \"/usr/lib64/python2.7/shlex.py\", line 172, in read_token\r\n raise ValueError, \"No closing quotation\"\r\nValueError: No closing quotation\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

PLAY RECAP *******************************************************************************************************
newserver.mycompany.com : ok=9 changed=0 unreachable=0 failed=1 skipped=2 rescued=0 ignored=0
```
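OK, so the problem is that at some point the `'` is being interpreted as the start of a quoted series of characters, rather than simply as part of the password. My problem is that I don't know how to get Ansible? Python? YAML? Jinja? to treat the string the user entered as just a string. Is "string literal" the correct term here? If I ssh to the target server and run the `net ads join` command manually, and let it prompt for my password, it works even with a `'` in it, so at least I know the problem is not the Samba command. Things I have tried (that did not help) are: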
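- Adding "hard quotes" around `{{ passwd }}`
- Adding `unsafe: yes` to the password definition
- Adding `passwd: "{{ password | regex_escape() }}"` to escape metacharacters
- Doing a lot of internet searching on Stack and Google

Any and all help would be greatly appreciated.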
This is probably what you are looking for:

```
- command: "net ads join MYCOMPANY.COM -U {{ username }}@MYCOMPANY.COM%{{ passwd|quote }} createcomputer=Restricted/Servers/Unix --request-timeout=120"
```
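The failure and the fix can be reproduced outside Ansible, because the traceback shows the command module splitting the rendered line with Python's `shlex`. This is an added example, not code from the question or the answer; it assumes the `quote` filter behaves like `shlex.quote` and `regex_escape` like `re.escape`, and the user name `admin` and all passwords are constructed sample values.

```python
import re
import shlex

# Mirrors the role's task line; "admin" is a constructed sample user name.
TEMPLATE = "net ads join MYCOMPANY.COM -U admin@MYCOMPANY.COM%{pw} --request-timeout=120"

# How each attempt from the thread renders the password into the line.
STRATEGIES = {
    "hard quotes": lambda pw: "'" + pw + "'",                  # %'{{ passwd }}'
    "regex_escape + hard quotes": lambda pw: "'" + re.escape(pw) + "'",
    "quote filter": shlex.quote,                               # %{{ passwd|quote }}
}

# Constructed sample passwords, not real credentials.
SAMPLES = ["Pa$$w0rd", "it's", "a'b'c", "two words*"]


def received_password(password, strategy):
    """Return the password `net` would receive after the rendered line is
    split with shlex (as the command module does), or None if it raises."""
    line = TEMPLATE.format(pw=STRATEGIES[strategy](password))
    try:
        argv = shlex.split(line)
    except ValueError:  # "No closing quotation", as in the traceback
        return None
    return argv[5].split("%", 1)[1]  # argv[5] is the value given to -U


def survives(password, strategy):
    """True when the password arrives byte-for-byte unchanged."""
    return received_password(password, strategy) == password


if __name__ == "__main__":
    for pw in SAMPLES:
        for name in STRATEGIES:
            got = received_password(pw, name)
            status = "ok" if got == pw else "BROKEN"
            print(f"{pw!r:14} {name:28} -> {got!r:18} {status}")
```

Quoting fixes only the parsing: the password is still passed on the command line, so it is visible in the target's process list while `net` runs, and `no_log: false` leaves it in task output.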